[OE-core] [PATCH] ffmpeg: fix CVE-2021-38114
backport from upstream
Signed-off-by: Kiran Surendran
---
.../ffmpeg/ffmpeg/fix-CVE-2021-38114.patch| 67 +++
meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb | 3 +-
2 files changed, 69 insertions(+), 1 deletion(-)
create mode 100644
meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch
b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch
new file mode 100644
index 00..ab3ecfecbb
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch
@@ -0,0 +1,67 @@
+CVE: CVE-2021-38114
+Upstream-Status: Backport
+Signed-off-by: Kiran Surendran
+
+From 463dbe4e78cc560ca5b09f23a07add0eb78ccee8 Mon Sep 17 00:00:00 2001
+From: maryam ebr
+Date: Tue, 3 Aug 2021 01:05:47 -0400
+Subject: [PATCH] avcodec/dnxhddec: check and propagate function return value
+
+Similar to CVE-2013-0868, here return value check for 'init_vlc' is needed.
+crafted DNxHD data can cause unspecified impact.
+
+Reviewed-by: Paul B Mahol
+Signed-off-by: James Almer
+---
+ libavcodec/dnxhddec.c | 22 +++---
+ 1 file changed, 15 insertions(+), 7 deletions(-)
+
+diff --git a/libavcodec/dnxhddec.c b/libavcodec/dnxhddec.c
+index c78d55aee5..9b475a6979 100644
+--- a/libavcodec/dnxhddec.c
b/libavcodec/dnxhddec.c
+@@ -112,6 +112,7 @@ static av_cold int dnxhd_decode_init(AVCodecContext *avctx)
+
+ static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t cid, int bitdepth)
+ {
++int ret;
+ if (cid != ctx->cid) {
+ const CIDEntry *cid_table = ff_dnxhd_get_cid_table(cid);
+
+@@ -132,19 +133,26 @@ static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t
cid, int bitdepth)
+ ff_free_vlc(>dc_vlc);
+ ff_free_vlc(>run_vlc);
+
+-init_vlc(>ac_vlc, DNXHD_VLC_BITS, 257,
++if ((ret = init_vlc(>ac_vlc, DNXHD_VLC_BITS, 257,
+ ctx->cid_table->ac_bits, 1, 1,
+- ctx->cid_table->ac_codes, 2, 2, 0);
+-init_vlc(>dc_vlc, DNXHD_DC_VLC_BITS, bitdepth > 8 ? 14 : 12,
++ ctx->cid_table->ac_codes, 2, 2, 0)) < 0)
++goto out;
++if ((ret = init_vlc(>dc_vlc, DNXHD_DC_VLC_BITS, bitdepth > 8 ?
14 : 12,
+ ctx->cid_table->dc_bits, 1, 1,
+- ctx->cid_table->dc_codes, 1, 1, 0);
+-init_vlc(>run_vlc, DNXHD_VLC_BITS, 62,
++ ctx->cid_table->dc_codes, 1, 1, 0)) < 0)
++goto out;
++if ((ret = init_vlc(>run_vlc, DNXHD_VLC_BITS, 62,
+ ctx->cid_table->run_bits, 1, 1,
+- ctx->cid_table->run_codes, 2, 2, 0);
++ ctx->cid_table->run_codes, 2, 2, 0)) < 0)
++goto out;
+
+ ctx->cid = cid;
+ }
+-return 0;
++ret = 0;
++out:
++if (ret < 0)
++av_log(ctx->avctx, AV_LOG_ERROR, "init_vlc failed\n");
++return ret;
+ }
+
+ static int dnxhd_get_profile(int cid)
+--
+2.31.1
+
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb
b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb
index 0c6af6549d..c0318ef01d 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb
@@ -31,7 +31,8 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://fix-CVE-2020-22021.patch \
file://fix-CVE-2020-22033-CVE-2020-22019.patch \
file://fix-CVE-2021-33815.patch \
- file://fix-CVE-2021-38171.patch \
+ file://fix-CVE-2021-38171.patch \
+ file://fix-CVE-2021-38114.patch \
"
SRC_URI[sha256sum] =
"06b10a183ce5371f915c6bb15b7b1fffbe046e8275099c96affc29e17645d909"
--
2.31.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#157088):
https://lists.openembedded.org/g/openembedded-core/message/157088
Mute This Topic: https://lists.openembedded.org/mt/86420133/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] ffmpeg: fix CVE-2021-38114
Ah yes sorry, tried to use the same patch I made for hardknott, I'll send the correct one for 4.4 Regards, Kiran On 10/8/21 5:12 PM, Richard Purdie wrote: [Please note: This e-mail is from an EXTERNAL e-mail address] On Fri, 2021-10-08 at 09:48 -0700, Kiran Surendran wrote: backport from upstream Signed-off-by: Kiran Surendran --- .../ffmpeg/ffmpeg/fix-CVE-2021-38114.patch| 67 +++ .../recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb | 3 +- 2 files changed, 69 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch Master has 4.4 so this doesnt apply? Which release was this targeted at? Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#156787): https://lists.openembedded.org/g/openembedded-core/message/156787 Mute This Topic: https://lists.openembedded.org/mt/86175257/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] ffmpeg: fix CVE-2021-38114
backport from upstream
Signed-off-by: Kiran Surendran
---
.../ffmpeg/ffmpeg/fix-CVE-2021-38114.patch| 67 +++
.../recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb | 3 +-
2 files changed, 69 insertions(+), 1 deletion(-)
create mode 100644
meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch
b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch
new file mode 100644
index 00..3de7cf7e0f
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch
@@ -0,0 +1,67 @@
+CVE: CVE-2021-38114
+Upstream-Status: Backport
+Signed-off-by: Kiran Surendran
+
+From 662aef4aacf23b4be4c1cfaebd837e225b357e51 Mon Sep 17 00:00:00 2001
+From: maryam ebr
+Date: Tue, 3 Aug 2021 01:05:47 -0400
+Subject: [PATCH] avcodec/dnxhddec: check and propagate function return value
+
+Similar to CVE-2013-0868, here return value check for 'init_vlc' is needed.
+crafted DNxHD data can cause unspecified impact.
+
+Reviewed-by: Paul B Mahol
+Signed-off-by: James Almer
+---
+ libavcodec/dnxhddec.c | 22 +++---
+ 1 file changed, 15 insertions(+), 7 deletions(-)
+
+diff --git a/libavcodec/dnxhddec.c b/libavcodec/dnxhddec.c
+index e5d01e2e71..54f894f81b 100644
+--- a/libavcodec/dnxhddec.c
b/libavcodec/dnxhddec.c
+@@ -110,6 +110,7 @@ static av_cold int dnxhd_decode_init(AVCodecContext *avctx)
+
+ static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t cid, int bitdepth)
+ {
++int ret;
+ if (cid != ctx->cid) {
+ int index;
+
+@@ -129,19 +130,26 @@ static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t
cid, int bitdepth)
+ ff_free_vlc(>dc_vlc);
+ ff_free_vlc(>run_vlc);
+
+-init_vlc(>ac_vlc, DNXHD_VLC_BITS, 257,
++if ((ret = init_vlc(>ac_vlc, DNXHD_VLC_BITS, 257,
+ ctx->cid_table->ac_bits, 1, 1,
+- ctx->cid_table->ac_codes, 2, 2, 0);
+-init_vlc(>dc_vlc, DNXHD_DC_VLC_BITS, bitdepth > 8 ? 14 : 12,
++ ctx->cid_table->ac_codes, 2, 2, 0)) < 0)
++goto out;
++if ((ret = init_vlc(>dc_vlc, DNXHD_DC_VLC_BITS, bitdepth > 8 ?
14 : 12,
+ ctx->cid_table->dc_bits, 1, 1,
+- ctx->cid_table->dc_codes, 1, 1, 0);
+-init_vlc(>run_vlc, DNXHD_VLC_BITS, 62,
++ ctx->cid_table->dc_codes, 1, 1, 0)) < 0)
++goto out;
++if ((ret = init_vlc(>run_vlc, DNXHD_VLC_BITS, 62,
+ ctx->cid_table->run_bits, 1, 1,
+- ctx->cid_table->run_codes, 2, 2, 0);
++ ctx->cid_table->run_codes, 2, 2, 0)) < 0)
++goto out;
+
+ ctx->cid = cid;
+ }
+-return 0;
++ret = 0;
++out:
++if (ret < 0)
++av_log(ctx->avctx, AV_LOG_ERROR, "init_vlc failed\n");
++return ret;
+ }
+
+ static int dnxhd_get_profile(int cid)
+--
+2.31.1
+
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
index 0a49493abd..7df356946b 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
@@ -31,7 +31,8 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://fix-CVE-2020-22015.patch \
file://fix-CVE-2020-22021.patch \
file://fix-CVE-2020-22033-CVE-2020-22019.patch \
- "
+ file://fix-CVE-2021-38114.patch \
+ "
SRC_URI[sha256sum] =
"46e4e64f1dd0233cbc0934b9f1c0da676008cad34725113fb7f802cfa84ccddb"
# Build fails when thumb is enabled:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717
--
2.31.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156783):
https://lists.openembedded.org/g/openembedded-core/message/156783
Mute This Topic: https://lists.openembedded.org/mt/86175257/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] ffmpeg: fix CVE-2021-38171
backport from upstream
Signed-off-by: Kiran Surendran
---
.../ffmpeg/ffmpeg/fix-CVE-2021-38171.patch| 42 +++
meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb | 3 +-
2 files changed, 44 insertions(+), 1 deletion(-)
create mode 100644
meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch
b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch
new file mode 100644
index 00..d82f3a4b63
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch
@@ -0,0 +1,42 @@
+CVE: CVE-2021-38171
+Upstream-Status: Backport
+Signed-off-by: Kiran Surendran
+
+From fb993619d1035fa9646506925ea70fb122038999 Mon Sep 17 00:00:00 2001
+From: maryam ebrahimzadeh
+Date: Wed, 4 Aug 2021 16:15:18 -0400
+Subject: [PATCH] avformat/adtsenc: return value check for init_get_bits in
+ adts_decode_extradata
+
+As the second argument for init_get_bits (buf) can be crafted, a return value
check for this function call is necessary.
+'buf' is part of 'AVPacket pkt'.
+replace init_get_bits with init_get_bits8.
+
+Signed-off-by: Michael Niedermayer
+(cherry picked from commit 9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6)
+Signed-off-by: Michael Niedermayer
+---
+ libavformat/adtsenc.c | 6 --
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/libavformat/adtsenc.c b/libavformat/adtsenc.c
+index 3595cb3bb2..c35a12a628 100644
+--- a/libavformat/adtsenc.c
b/libavformat/adtsenc.c
+@@ -51,9 +51,11 @@ static int adts_decode_extradata(AVFormatContext *s,
ADTSContext *adts, const ui
+ GetBitContext gb;
+ PutBitContext pb;
+ MPEG4AudioConfig m4ac;
+-int off;
++int off, ret;
+
+-init_get_bits(, buf, size * 8);
++ret = init_get_bits8(, buf, size);
++if (ret < 0)
++return ret;
+ off = avpriv_mpeg4audio_get_config2(, buf, size, 1, s);
+ if (off < 0)
+ return off;
+--
+2.31.1
+
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb
b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb
index fc1834c00b..0c6af6549d 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb
@@ -31,7 +31,8 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://fix-CVE-2020-22021.patch \
file://fix-CVE-2020-22033-CVE-2020-22019.patch \
file://fix-CVE-2021-33815.patch \
- "
+ file://fix-CVE-2021-38171.patch \
+ "
SRC_URI[sha256sum] =
"06b10a183ce5371f915c6bb15b7b1fffbe046e8275099c96affc29e17645d909"
# Build fails when thumb is enabled:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717
--
2.31.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156282):
https://lists.openembedded.org/g/openembedded-core/message/156282
Mute This Topic: https://lists.openembedded.org/mt/85823465/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] ffmpeg: fix CVE-2021-38171
backport from upstream
Signed-off-by: Kiran Surendran
---
.../ffmpeg/ffmpeg/fix-CVE-2021-38171.patch| 42 +++
meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb | 3 +-
2 files changed, 44 insertions(+), 1 deletion(-)
create mode 100644
meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch
b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch
new file mode 100644
index 00..d82f3a4b63
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch
@@ -0,0 +1,42 @@
+CVE: CVE-2021-38171
+Upstream-Status: Backport
+Signed-off-by: Kiran Surendran
+
+From fb993619d1035fa9646506925ea70fb122038999 Mon Sep 17 00:00:00 2001
+From: maryam ebrahimzadeh
+Date: Wed, 4 Aug 2021 16:15:18 -0400
+Subject: [PATCH] avformat/adtsenc: return value check for init_get_bits in
+ adts_decode_extradata
+
+As the second argument for init_get_bits (buf) can be crafted, a return value
check for this function call is necessary.
+'buf' is part of 'AVPacket pkt'.
+replace init_get_bits with init_get_bits8.
+
+Signed-off-by: Michael Niedermayer
+(cherry picked from commit 9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6)
+Signed-off-by: Michael Niedermayer
+---
+ libavformat/adtsenc.c | 6 --
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/libavformat/adtsenc.c b/libavformat/adtsenc.c
+index 3595cb3bb2..c35a12a628 100644
+--- a/libavformat/adtsenc.c
b/libavformat/adtsenc.c
+@@ -51,9 +51,11 @@ static int adts_decode_extradata(AVFormatContext *s,
ADTSContext *adts, const ui
+ GetBitContext gb;
+ PutBitContext pb;
+ MPEG4AudioConfig m4ac;
+-int off;
++int off, ret;
+
+-init_get_bits(, buf, size * 8);
++ret = init_get_bits8(, buf, size);
++if (ret < 0)
++return ret;
+ off = avpriv_mpeg4audio_get_config2(, buf, size, 1, s);
+ if (off < 0)
+ return off;
+--
+2.31.1
+
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb
b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb
index fc1834c00b..0c6af6549d 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb
@@ -31,7 +31,8 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://fix-CVE-2020-22021.patch \
file://fix-CVE-2020-22033-CVE-2020-22019.patch \
file://fix-CVE-2021-33815.patch \
- "
+ file://fix-CVE-2021-38171.patch \
+ "
SRC_URI[sha256sum] =
"06b10a183ce5371f915c6bb15b7b1fffbe046e8275099c96affc29e17645d909"
# Build fails when thumb is enabled:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717
--
2.31.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156273):
https://lists.openembedded.org/g/openembedded-core/message/156273
Mute This Topic: https://lists.openembedded.org/mt/85823465/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [hardknott][PATCH] ffmpeg: fix CVE-2021-38114
backport from upstream
Signed-off-by: Kiran Surendran
---
.../ffmpeg/ffmpeg/fix-CVE-2021-38114.patch| 67 +++
.../recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb | 3 +-
2 files changed, 69 insertions(+), 1 deletion(-)
create mode 100644
meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch
b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch
new file mode 100644
index 00..3de7cf7e0f
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch
@@ -0,0 +1,67 @@
+CVE: CVE-2021-38114
+Upstream-Status: Backport
+Signed-off-by: Kiran Surendran
+
+From 662aef4aacf23b4be4c1cfaebd837e225b357e51 Mon Sep 17 00:00:00 2001
+From: maryam ebr
+Date: Tue, 3 Aug 2021 01:05:47 -0400
+Subject: [PATCH] avcodec/dnxhddec: check and propagate function return value
+
+Similar to CVE-2013-0868, here return value check for 'init_vlc' is needed.
+crafted DNxHD data can cause unspecified impact.
+
+Reviewed-by: Paul B Mahol
+Signed-off-by: James Almer
+---
+ libavcodec/dnxhddec.c | 22 +++---
+ 1 file changed, 15 insertions(+), 7 deletions(-)
+
+diff --git a/libavcodec/dnxhddec.c b/libavcodec/dnxhddec.c
+index e5d01e2e71..54f894f81b 100644
+--- a/libavcodec/dnxhddec.c
b/libavcodec/dnxhddec.c
+@@ -110,6 +110,7 @@ static av_cold int dnxhd_decode_init(AVCodecContext *avctx)
+
+ static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t cid, int bitdepth)
+ {
++int ret;
+ if (cid != ctx->cid) {
+ int index;
+
+@@ -129,19 +130,26 @@ static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t
cid, int bitdepth)
+ ff_free_vlc(>dc_vlc);
+ ff_free_vlc(>run_vlc);
+
+-init_vlc(>ac_vlc, DNXHD_VLC_BITS, 257,
++if ((ret = init_vlc(>ac_vlc, DNXHD_VLC_BITS, 257,
+ ctx->cid_table->ac_bits, 1, 1,
+- ctx->cid_table->ac_codes, 2, 2, 0);
+-init_vlc(>dc_vlc, DNXHD_DC_VLC_BITS, bitdepth > 8 ? 14 : 12,
++ ctx->cid_table->ac_codes, 2, 2, 0)) < 0)
++goto out;
++if ((ret = init_vlc(>dc_vlc, DNXHD_DC_VLC_BITS, bitdepth > 8 ?
14 : 12,
+ ctx->cid_table->dc_bits, 1, 1,
+- ctx->cid_table->dc_codes, 1, 1, 0);
+-init_vlc(>run_vlc, DNXHD_VLC_BITS, 62,
++ ctx->cid_table->dc_codes, 1, 1, 0)) < 0)
++goto out;
++if ((ret = init_vlc(>run_vlc, DNXHD_VLC_BITS, 62,
+ ctx->cid_table->run_bits, 1, 1,
+- ctx->cid_table->run_codes, 2, 2, 0);
++ ctx->cid_table->run_codes, 2, 2, 0)) < 0)
++goto out;
+
+ ctx->cid = cid;
+ }
+-return 0;
++ret = 0;
++out:
++if (ret < 0)
++av_log(ctx->avctx, AV_LOG_ERROR, "init_vlc failed\n");
++return ret;
+ }
+
+ static int dnxhd_get_profile(int cid)
+--
+2.31.1
+
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
index 0a49493abd..7df356946b 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
@@ -31,7 +31,8 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://fix-CVE-2020-22015.patch \
file://fix-CVE-2020-22021.patch \
file://fix-CVE-2020-22033-CVE-2020-22019.patch \
- "
+ file://fix-CVE-2021-38114.patch \
+ "
SRC_URI[sha256sum] =
"46e4e64f1dd0233cbc0934b9f1c0da676008cad34725113fb7f802cfa84ccddb"
# Build fails when thumb is enabled:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717
--
2.31.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156073):
https://lists.openembedded.org/g/openembedded-core/message/156073
Mute This Topic: https://lists.openembedded.org/mt/85636451/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [hardknott][PATCH] ffmpeg: fix CVE-2021-38171
From: Kiran Surendran
backport from upstream
Signed-off-by: Kiran Surendran
---
.../ffmpeg/ffmpeg/fix-CVE-2021-38171.patch| 40 +++
.../recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb | 3 +-
2 files changed, 42 insertions(+), 1 deletion(-)
create mode 100644
meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch
b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch
new file mode 100644
index 00..8775acd8c5
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch
@@ -0,0 +1,40 @@
+CVE: CVE-2021-38171
+Upstream-Status: Backport
+Signed-off-by: Kiran Surendran
+
+From d5373a9efb10c1fa87698ee41370fb04dc2e410b Mon Sep 17 00:00:00 2001
+From: maryam ebrahimzadeh
+Date: Wed, 4 Aug 2021 16:15:18 -0400
+Subject: [PATCH] avformat/adtsenc: return value check for init_get_bits in
+ adts_decode_extradata
+
+As the second argument for init_get_bits (buf) can be crafted, a return value
check for this function call is necessary.
+'buf' is part of 'AVPacket pkt'.
+replace init_get_bits with init_get_bits8.
+
+Signed-off-by: Michael Niedermayer
+---
+ libavformat/adtsenc.c | 6 --
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/libavformat/adtsenc.c b/libavformat/adtsenc.c
+index d937e2bea9..a1593515e1 100644
+--- a/libavformat/adtsenc.c
b/libavformat/adtsenc.c
+@@ -50,9 +50,11 @@ static int adts_decode_extradata(AVFormatContext *s,
ADTSContext *adts, const ui
+ GetBitContext gb;
+ PutBitContext pb;
+ MPEG4AudioConfig m4ac;
+-int off;
++int off, ret;
+
+-init_get_bits(, buf, size * 8);
++ret = init_get_bits8(, buf, size);
++if (ret < 0)
++return ret;
+ off = avpriv_mpeg4audio_get_config2(, buf, size, 1, s);
+ if (off < 0)
+ return off;
+--
+2.31.1
+
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
index 0a49493abd..7a027d43b9 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
@@ -31,7 +31,8 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://fix-CVE-2020-22015.patch \
file://fix-CVE-2020-22021.patch \
file://fix-CVE-2020-22033-CVE-2020-22019.patch \
- "
+ file://fix-CVE-2021-38171.patch \
+ "
SRC_URI[sha256sum] =
"46e4e64f1dd0233cbc0934b9f1c0da676008cad34725113fb7f802cfa84ccddb"
# Build fails when thumb is enabled:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717
--
2.31.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156063):
https://lists.openembedded.org/g/openembedded-core/message/156063
Mute This Topic: https://lists.openembedded.org/mt/85630247/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [hardknott][PATCH] ffmpeg: fix CVE-2021-38291
From: Kiran Surendran
backport from upstream
Signed-off-by: Kiran Surendran
---
.../ffmpeg/ffmpeg/fix-CVE-2021-38291.patch| 54 +++
.../recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb | 1 +
2 files changed, 55 insertions(+)
create mode 100644
meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38291.patch
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38291.patch
b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38291.patch
new file mode 100644
index 00..ef1c760286
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38291.patch
@@ -0,0 +1,54 @@
+CVE: CVE-2021-38291
+Upstream-Status: Backport
+Signed-off-by: Kiran Surendran
+
+From e908bdb157fa493be2b50e2a11055d19c5254a15 Mon Sep 17 00:00:00 2001
+From: James Almer
+Date: Wed, 21 Jul 2021 01:02:44 -0300
+Subject: [PATCH] avcodec/utils: don't return negative values in
+ av_get_audio_frame_duration()
+
+In some extrme cases, like with adpcm_ms samples with an extremely high channel
+count, get_audio_frame_duration() may return a negative frame duration value.
+Don't propagate it, and instead return 0, signaling that a duration could not
+be determined.
+
+Fixes ticket #9312
+
+Signed-off-by: James Almer
+---
+ libavcodec/utils.c | 6 --
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/libavcodec/utils.c b/libavcodec/utils.c
+index 81e34254e8..5fdb10fe09 100644
+--- a/libavcodec/utils.c
b/libavcodec/utils.c
+@@ -1776,20 +1776,22 @@ static int get_audio_frame_duration(enum AVCodecID id,
int sr, int ch, int ba,
+
+ int av_get_audio_frame_duration(AVCodecContext *avctx, int frame_bytes)
+ {
+-return get_audio_frame_duration(avctx->codec_id, avctx->sample_rate,
++int duration = get_audio_frame_duration(avctx->codec_id,
avctx->sample_rate,
+ avctx->channels, avctx->block_align,
+ avctx->codec_tag,
avctx->bits_per_coded_sample,
+ avctx->bit_rate, avctx->extradata,
avctx->frame_size,
+ frame_bytes);
++return FFMAX(0, duration);
+ }
+
+ int av_get_audio_frame_duration2(AVCodecParameters *par, int frame_bytes)
+ {
+-return get_audio_frame_duration(par->codec_id, par->sample_rate,
++int duration = get_audio_frame_duration(par->codec_id, par->sample_rate,
+ par->channels, par->block_align,
+ par->codec_tag,
par->bits_per_coded_sample,
+ par->bit_rate, par->extradata,
par->frame_size,
+ frame_bytes);
++return FFMAX(0, duration);
+ }
+
+ #if !HAVE_THREADS
+--
+2.25.1
+
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
index 0a49493abd..3e7ceb859f 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
@@ -31,6 +31,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://fix-CVE-2020-22015.patch \
file://fix-CVE-2020-22021.patch \
file://fix-CVE-2020-22033-CVE-2020-22019.patch \
+ file://fix-CVE-2021-38291.patch \
"
SRC_URI[sha256sum] =
"46e4e64f1dd0233cbc0934b9f1c0da676008cad34725113fb7f802cfa84ccddb"
--
2.31.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155865):
https://lists.openembedded.org/g/openembedded-core/message/155865
Mute This Topic: https://lists.openembedded.org/mt/85489749/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
